Coordination called key to NIPC improvements

NIPC home page

The National Infrastructure Protection Center is slowly improving its ability to provide warnings and analysis on computer security threats, but Congress remains concerned that its greater mission is hurt by a lack of coordination with other agencies and industry.

President Clinton formally established the center in May 1998 with Presidential Decision Directive 63, which requires federal agencies to secure the systems that support the nation's critical infrastructure, such as telecommunications. The NIPC is intended to form a bridge between government and industry for incident warnings and analysis.

The center has made improvements since a General Accounting Office review last year, said Ronald Dick, the center's director. Gains have resulted from adding workers from the Defense Department and moving forward with a new data-mining project for its analysis. Dick testified July 25 before the Senate Judiciary Committee's Technology, Terrorism and Government Information Subcommittee.

In their report, GAO officials said the NIPC was hindered by a lack of analysis, staff members and information from industry. But the biggest problem — and one that still has not been addressed — is the lack of agreement within government on the role the center should play in the larger critical infrastructure protection environment, said Robert Dacey, director of information security issues at GAO.

Subcommittee members said they were most concerned that the NIPC is not receiving appropriate support from agencies and industry. The NIPC should consist of workers from civilian and Defense agencies, but so far, many agencies have not provided the needed personnel. Sen. Jon Kyl (R-Ariz.), ranking member of the subcommittee, suggested that Congress help encourage agencies, through money or mandates, to assign those workers.

But agencies cannot afford to lose precious information security talent, Dick said. "We're stretching our resources as thin as they can be." He said the center's new workers from DOD include a new deputy director.

Subcommittee Chairwoman Dianne Feinstein (D-Calif.) also called on the NIPC to rely on expertise from agencies such as the Secret Service, which works closely with the financial community to combat cybercrime. The Secret Service has developed an extensive training course through its Electronic Crimes Special Agent Program and trains other agencies, state and local governments, and even the private sector, according to James Savage, deputy special agent in charge of the Secret Service's Financial Crimes Division.

The subcommittee also encouraged the NIPC to continue its work to form formal partnerships with industry to gather the information needed to make informed analyses of incidents.

Both Feinstein and Kyl suggested that Congress support the NIPC through legislation, such as a bill introduced recently by Rep. Tom Davis (R-Va.) to create a new exemption to the Freedom of Information Act. Davis' bill, along with another to be co-introduced by Sen. Robert Bennett (R-Utah) and Kyl, would exempt industry cybersecurity information from FOIA requests.


  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.